I want to configure LEM to alert me when multiple files change (Windows file servers). For example, I've had virus/malware change multiple files and want to get alerted when activity of this nature occurs. Any work instructions are welcome - thxs!
You need to install the LEM agent software on whatever servers you wish to manage.
Afterwards, enable the FIM software and make sure it watches all the files/folders/shares you wish to monitor. (Be aware this can cause a HUGE increase in events on the LEM and you may need to increase its power by a significant amount depending on the file amounts and how often they are accessed.)
Then put in a rule that says something like this:
I would include the source domain so that the system account won't generate false positives.
The correlation time should be adjusted depending on the frequency that those files are touched normally.
Then just put in an email alert and you should be good.
If you need further help, let me know!
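The threshold logic the reply describes (many file changes by one account inside a correlation window, with the system account excluded), as an added Python sketch that is not the poster's rule and not LEM rule syntax. The event tuples, account names, paths and the `correlate` function are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Accounts whose file activity is expected and should not raise alerts (assumption).
EXCLUDED_ACCOUNTS = {"NT AUTHORITY\\SYSTEM"}
CHANGE_ACTIONS = {"write", "rename", "delete"}

def build_sample_events():
    """Constructed FIM-style events: (timestamp, domain\\account, action, path)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # One user touches six different files in 25 seconds (the burst we want to catch).
    for i in range(6):
        events.append((base + timedelta(seconds=5 * i), "CORP\\jsmith", "write",
                       f"D:\\Shares\\Finance\\doc{i}.xlsx"))
    # The system account touches ten files in ten seconds (excluded by domain/account).
    for i in range(10):
        events.append((base + timedelta(seconds=i), "NT AUTHORITY\\SYSTEM", "write",
                       f"D:\\Shares\\Finance\\idx{i}.tmp"))
    # Normal user activity: two changes ten minutes apart.
    events.append((base, "CORP\\alice", "write", "D:\\Shares\\HR\\a.docx"))
    events.append((base + timedelta(minutes=10), "CORP\\alice", "write",
                   "D:\\Shares\\HR\\b.docx"))
    return events

def correlate(events, threshold, window, excluded=EXCLUDED_ACCOUNTS):
    """Return (account, time, distinct_files) for each burst that meets the threshold."""
    recent = defaultdict(deque)   # account -> (timestamp, path) pairs still in the window
    alerts = []
    for ts, account, action, path in sorted(events):
        if account.upper() in excluded or action not in CHANGE_ACTIONS:
            continue
        q = recent[account]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {p for _, p in q}         # repeated saves of one file count once
        if len(distinct) >= threshold:
            alerts.append((account, ts, len(distinct)))
            q.clear()                        # one alert per burst, not one per event
    return alerts

if __name__ == "__main__":
    for alert in correlate(build_sample_events(), 5, timedelta(seconds=60)):
        print(alert)
```

Running it with a 10-second window instead of 60 produces no alert for the same burst, which is why the correlation time has to be tuned to how often the files are normally touched.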